At healthcare events throughout the world, we have met many health tech companies who are considering migrating to the cloud, but have serious concerns about protecting electronic protected health Information (e-PHI) and maintaining HIPAA compliance as they virtualize their environments.

We are seeing a serious gap between healthcare companies’ security and compliance needs, and the solutions offered by their cloud providers.

Below, a summary of the questions we are continually asked at shows, events, and meetings with healthcare professionals.

Cloud Computing Security Considerations

Q. What cloud computing security considerations should healthcare companies examine?HIPAA compliance is comprised of multiple technologies and processes. When it comes to data encryption, securing e-PHI that your company creates, receives, maintains or transmits electronically is critical in infrastructure clouds. Clouds obviously don’t have walls – which is why encryption has become the best practice for creating “mathematical walls” in the cloud.

Since your cloud project will have both servers and data in the cloud, you need a solution that:

Has an “everything cloud” approach: No “gateways” or hardware required

Maintains HIPAA/HITECH Compliance

Ensures data security – going beyond a “check the box” approach

Is simple, easy to use, flexible, and cost-effective

It is your responsibility to secure your sensitive patient data, to encrypt data at rest and in transit and, importantly, to ensure that only you (not even your cloud provider) control your encryption keys. This is both security common sense and also important from a regulatory point of view.

Q. Is it possible to achieve “safe harbor” in cloud scenarios?The Secretary of Health and Human Services published guidance on “technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” The guidance emphasizes that data encryption is not only a best practice for protecting privacy and security – it also provides a safe harbor to the organization in case of data loss.

Q. How is the Porticor cloud encryption solution different?Porticor did not re-invent the data encryption wheel. We use the strongest industry standards for data encryption like AES. Our system is unique, however, in how it handles the keys to your encrypted data. Porticor is the only system that keeps control of encryption keys in the hands of the end customer while providing a pure cloud model – without any hardware requirements.

With Porticor, once your e-PHI is encrypted, our system splits the encryption key it into two parts (here’s how in 90 seconds). One part stays within our system and one part, the “master key” stays with you at all times. Both parts are required to access your data. With this split-key encryption approach, Porticor ensures that only you control access to your data. Your cloud provider cannot access it, Porticor cannot access it, and hackers cannot access it. Only you control your data. This is what makes the system HIPAA compliant while maintaining the “pure cloud” approach. You can read more about it here.

CIO, CTO & Developer Resources

Q. Does this kind of cloud security slow down performance?No. We’ve gone to some length to keep performance top notch, by introducing efficient streaming. We also make sure that encryption happens inside your cloud account so there are no latency issues around network hops. You have a choice between a “Virtual Appliance” that you can bring up inside your own cloud account, and an “agent” that you can install on your own.

As a result in some use cases we actually speed you up a bit! Detailed benchmarks are available here.

Q. What does homomorphic encryption mean?Homomorphic encryption is a technique that enables encrypting data, and keeping it encrypted even if it is used in calculations. As it relates to our system, Porticor homomorphically encrypts your master key before it enters the cloud, and it stays encrypted – never decrypted – when it is used in the cloud. This means your entire project works without anyone knowing your master key – not Porticor, not AWS, no computing element at all. This way, you retain control of your key at all times. Your key is safe even when it is in use in the cloud.

Q. Which companies need Porticor’s cloud security?If your company or its clients face regulations like HIPAA, PCI DSS, or many others – you need Porticor.

Q. Which clouds are supported by Porticor?You can use Porticor in any cloud scenario: public clouds (AWS, VMware, IBM, HP, etc.), private clouds (VMware again), or hybrid scenarios.

Q. How do I get started?You can try it for free here. If you have any questions, contact us.

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions.
Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000.
Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...

The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016.
Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one.
In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...

Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...

SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...

With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications.
In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...

There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness.
In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...

One of the hottest areas in cloud right now is DRaaS and related offerings.
In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.

In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions.
In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.

"We've just seen a huge influx of new partners coming into our ecosystem, and partners building unique offerings on top of our API set," explained Seth Bostock, Chief Executive Officer at IndependenceIT, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.

SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.

Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.

The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.

Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy.
How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...

Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.

Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology.
Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve.
Digital Transformation means:
handling all the data types being found and created in the organizat...

Public Cloud IaaS started its life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in adop...

The time is ripe for high speed resilient software defined storage solutions with unlimited scalability. ISS has been working with the leading open source projects and developed a commercial high performance solution that is able to grow forever without performance limitations.
In his session at Cloud Expo, Alex Gorbachev, President of Intelligent Systems Services Inc., shared foundation principles of Ceph architecture, as well as the design to deliver this storage to traditional SAN storage co...

MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs.
The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with ...

The Cloud industry has moved from being more than just being able to provide infrastructure and management services on the Cloud. Enter a new era of Cloud computing where monetization’s services through the Cloud are an essential piece of strategy to feed your organizations bottom-line, your revenue and Profitability.
In their session at 16th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed how to easily o...

The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow.
In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...

The majority of an organization’s revenues are dependent on suppliers, distributors and other third parties. But as Benjamin M. Lawsky, New York State’s Superintendent of Financial Services, points out: “Unfortunately, those third-party firms can provide a back-door entrance to hackers who are seeking to steal sensitive bank customer data.”
By now most everyone is well aware of the major data breaches afflicting Target and Home Depot – both triggered through a third party – that affected more than 100 million consumers. But the problem persists. A recent report from the New York State Departm...

Tableau Software and big data analytics platforms come together to provide visualization benefits for those seeking more than just crunched numbers.
The next BriefingsDirect big data innovation discussion highlights how Tableau Software and big data analytics platforms come together to provide visualization benefits for those seeking more than just crunched numbers. They're looking for ways to improve their businesses effectively and productively, and to share the analysis quickly and broadly.

Conservation International (CI) in Arlington, Virginia uses new technology to pursue more data about what's going on in tropical forests and other ecosystems around the world.
As a non-profit, they have a goal of a sustainable planet, but we're going to learn how they've learned to measure what was once unmeasurable -- and then to share that data to promote change and improvement.

Business and IT leaders today need better application delivery capabilities to support critical new innovation. But how often do you hear objections to improving application delivery like, "I can harden it against attack, but not on this timeline"; "I can make it better, but it will cost more"; "I can deliver faster, but not with these specs"; or "I can stay strong on cost control, but quality will suffer"? In the new application economy, these tradeoffs are no longer acceptable. Customers will abandon your brand forever for a slow response or a privacy breach; competitors will steal critical ...

Learn how the IoT Cloud will power the world of tomorrow and why managing IoT through the cloud is as important as cloud computing itself. Learn how the devices of tomorrow will work on business models that reflect a new business strategy and a way to consume services.
In his session at @ThingsExpo, Ian Khan, Manager, Innovation & Marketing at Solgenia, will discuss how powered by the cloud and made possible by high tech manufacturing, sensors and devices with one way and even two way ability of control will devise a new IoT Cloud enabled world.

The Federal Government’s “Cloud First” policy mandates that agencies take full advantage of cloud computing benefits to maximize capacity utilization, improve IT flexibility and responsiveness, and minimize cost. The Federal Risk and Authorization Management Program (FedRAMP) is a mandatory government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Advantages for business include being able to market to many federal agencies after a single FedRAMP review following the government’s “approve once...

The Internet of Things (IoT) has quickly become the next “be all to end all” in information technology. Touted as how cloud computing will connect everyday things together, it is also feared as the real- life instantiation of The Terminator’s Skynet, where sentient robot team with an omnipresent and all-knowing entity that uses technology to control, and ultimately destroy, all of humanity.

As a recent graduate, and now professor in the University of Connecticut's Business Analytics and Project Management masters program, I have a lot of conversations surrounding the topic of "Big Data" and questions such as, "What does that term actually mean?"
Big Data is a fairly new topic and what seems to be an elusive term for many. Conversations are important to help bring clarity to Big Data, as well as generate ideas about how we can shape, not only what it is, but also the future of where it's going.

Knowledge management, in business terms, refers to saving, developing, sharing, and effectively using knowledge for the benefit of organization. It refers to a multi-disciplined approach of achieving organizational objectives by making the best use of knowledge.
Scientia potentia est (Latin proverb meaning "knowledge is power") attributed to 16th century philosopher Sir Francis Bacon is nowadays more valid than ever. Knowledge is power and knowledge management is the key to success.
Knowledge management, in business terms, refers to saving, developing, sharing, and effectively using knowledg...

We Need a Holistic Network Infrastructure: Why Controllers Are Not Cutting It
For years, we've relied too heavily on individual network functions or simplistic cloud controllers. However, they are no longer enough for today's modern cloud data center. Businesses need a comprehensive platform architecture in order to deliver a complete networking suite for IoT environment based on OpenStack.
In his session at @ThingsExpo, Dhiraj Sehgal from PLUMgrid discussed what a holistic networking solution should really entail, and how to build a complete platform that is scalable, secure, agile and auto...

It is interesting to me, how quickly the hype cycle of a good thing can turn it into a monster that will inevitably eat itself, leaving a much smaller – and much more useful – concept or toolset behind. It has happened over and over in high tech, one need only say “XML” to understand what I mean. It is definitely a useful tool for some jobs, but the “XML Everywhere” craze was insane. People declaring such patently false ideas as “It will end the need for programmers.”

As companies embrace the DevOps movement, they rely heavily on automation to improve the time to market for new features and services. DevOps is a long, never-ending journey with a goal of continuously improving the software delivery process, resulting in better products and services and, ultimately, happier customers. At the beginning of their DevOps journeys, many companies focus on continuous integration (CI), in which they automate the build process. Automated testing is implemented so that builds will fail if any changes fail the baseline tests. The idea here is to never move bugs forward...

Alibaba, the world’s largest ecommerce provider, has pumped over a $1 billion into its subsidiary, Aliya, a cloud services provider. This is perhaps one of the biggest moments in the global Cloud Wars that signals the entry of China into the main arena. Here is why this matters.
The cloud industry worldwide is being propelled into fast growth by tremendous demand for cloud computing services. Cloud, which is highly scalable and offers low investment and high computational capabilities to end users by eliminating the need to buy costly infrastructure and instead rent it from cloud providers, i...

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.